Ubuntu Linux install and configure OpenSSH (SSHD) server

I am totally impressed with the new Ubuntu Linux server. The default installation did not install a single service 🙂

This gives pretty good control over the box. The following command returned nothing:
$ sudo netstat -tulpn

However, sshd is the bare minimum these days and it should be installed by default.

To install the openssh server, type the following command:
$ sudo apt-get install openssh-server

Make sure openssh is running:
$ netstat -tulpn
Output:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp6       0      0 :::22                   :::*                    LISTEN     3458/sshd

Now we will tighten openssh security. First, change the default port 22 to something else, such as 512. This will keep automated tools from trying to log in to your box:
$ sudo su -
# vi /etc/ssh/sshd_config

Find the line that reads as follows:
Port 22
Replace port 22 with 512:
Port 512
Save and close the file. Restart sshd:
# /etc/init.d/ssh restart
Output:

 * Restarting OpenBSD Secure Shell server... 

Finally, make sure you open port 512 using iptables. Type the following command to list the current firewall rules:
$ sudo iptables -L -n

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  
ACCEPT     all  --             state RELATED,ESTABLISHED
ACCEPT     tcp  --             tcp dpts:6881:6882
ACCEPT     tcp  --             tcp dpt:443
ACCEPT     udp  --             udp dpt:514
ACCEPT     all  --
ACCEPT     all  --
ACCEPT     all  --
LOG        all  --             LOG flags 0 level 4
DROP       all  --  

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  

Use a GUI program such as firestarter to manage and open port 22 (ssh port).
$ sudo firestarter &
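
The port change and the firewall check above can be cross-checked mechanically. The script below is an added example, not part of the original article; the function names and the sample data are made up for illustration. It ignores "ACCEPT all" rules, because `iptables -L -n` without `-v` does not show which interface such a rule applies to.

```shell
# Added example: compare sshd's configured port with the INPUT chain listing.

# Print each port from uncommented "Port" lines; sshd listens on 22 if none is set.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Succeed if the saved "iptables -L -n" listing in $1 has an INPUT ACCEPT rule
# for tcp destination port $2, either "dpt:N" or inside a "dpts:A:B" range.
input_allows_tcp() {
    awk -v port="$2" '
        $1 == "Chain" { in_input = ($2 == "INPUT"); next }
        in_input && $1 == "ACCEPT" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                if ($i == ("dpt:" port)) found = 1
                if ($i ~ /^dpts:[0-9]+:[0-9]+$/) {
                    split($i, r, ":")
                    if (port + 0 >= r[2] + 0 && port + 0 <= r[3] + 0) found = 1
                }
            }
        }
        END { exit !found }' "$1"
}

# $1 = sshd_config path, $2 = saved listing; non-zero if any port lacks a rule.
check_ssh_firewall() {
    status=0
    for p in $(sshd_ports "$1"); do
        if input_allows_tcp "$2" "$p"; then
            echo "ok: tcp/$p is accepted by INPUT"
        else
            echo "MISSING: no INPUT ACCEPT rule for tcp/$p"; status=1
        fi
    done
    return "$status"
}

# Constructed sample (not from a real host): Port 512 set, but no tcp rule for it.
demo() {
    d=$(mktemp -d)
    printf '#Port 22\nPort 512\n' > "$d/sshd_config"
    printf '%s\n' 'Chain INPUT (policy DROP)' \
        'ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   tcp dpt:443' \
        'ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   udp dpt:514' > "$d/rules"
    check_ssh_firewall "$d/sshd_config" "$d/rules"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || true
```

On a real host, save the listing with `sudo iptables -L -n > rules.txt` and call `check_ssh_firewall /etc/ssh/sshd_config rules.txt` before closing your current SSH session.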

Updated for accuracy.

25 comments
  • alex Nov 9, 2006 @ 14:19

    short but to the point and of use!

  • rich Nov 12, 2006 @ 11:30

    shouldn’t package name be openssh-server, hyphen is in wrong place?

  • 🐧 nixCraft Nov 12, 2006 @ 12:29


    Thanks for heads up! Article is updated!!!

  • Gabe Nov 30, 2006 @ 21:01

    Hey! This is exactly what I was looking for. Thanks so much!

  • neon Jan 31, 2007 @ 7:49

    Well it seems to match. However SSH still isn’t working.

  • 🐧 nixCraft Feb 1, 2007 @ 22:01


    What error are you getting?

  • Cappy Feb 15, 2007 @ 0:56

    Hm … I can SSH into my server when the port is set to 22 but as soon as I set it up to a high number (30,000) and restart the ssh server all I get are server rejections. ssh -p 30000 cappy@ just won’t work =(

  • 🐧 nixCraft Feb 15, 2007 @ 4:17

    Make sure firewall is not blocking your port 30000. Run following command to see current iptables.
    sudo iptables -L -n
    iptables -L -n

    Also /etc/hosts.allow and /etc/hosts.deny can block access.

  • Fulano Feb 27, 2007 @ 7:38

    I followed the instructions and I seem to be going alright, I can ssh locally as another user but I cannot seem to log in from remote locations, just seems to time out. Any ideas?

  • Cappy Feb 27, 2007 @ 9:12

    The problem was that I ran “/etc/init.d/ssh restart” as a user and not as an admin. It ended up giving a bunch of RSA errors and somehow prevented the system from switching ports when I then ran it from root. A simple reboot fixed it. Thanks for the guide!

  • xain Mar 29, 2007 @ 14:05

    what is the point that after changing port from 22 to 512, but still to make sure iptables open port 22?

  • 🐧 nixCraft Mar 30, 2007 @ 3:20


    It was typo and post has been updated. Thanks for heads up.

  • Markku Apr 1, 2007 @ 20:42

    I can’t get it to work. When I try to run openssh-server it just says fail.

  • sungmin Jun 17, 2007 @ 20:09

    what is difference with login in with login and password and with PUB key ? also what if I have 10 users who needs to login to my Linux box, what is best way for them to login ? with login and password or with PUB KEYS ?

  • brandon Oct 29, 2007 @ 3:40

    I can ssh from ubuntu to osX, but not from osX to ubuntu. I had the same situation where I could go from winXP to osX, but not the other way. Since it works ubuntu to osX does that mean I need to switch the dsa keys around, or do they work both ways? So, it seems like the problem must be in ubuntu’s firewall or the router’s portforwarding. When I setup portforwarding I feel like I should open port 22 for the mac’s ip if I want to get into the mac. Strangely that doesn’t work, but when I open port 22 for (the router’s ip) then I can ssh into the mac. I want to have SAMBA and VNC forwarded over ssh. I want the ubuntu to be headless but then I want to open VLC on the mac and watch a movie from the ubuntu. Once long ago I was able to get VNC to work both ways with a mac and a win2k machine. I don’t know what I’m doing wrong.

  • loh Mar 22, 2008 @ 15:05

    First time installing ubuntu 7.10. This was very helpful.

  • El Perro Loco Jan 2, 2009 @ 14:44

    Good article. Short, complete and to the point.

  • ssh_user Apr 7, 2009 @ 20:51

    Ubuntu 8.10 64 bits, no firewall active.
    After changing ssh listening port from 22 to 2223, connecting fails, see dump below
    Can somebody explain what can cause a ‘Read from socket failed: Connection reset by peer’. The question is in several forums, couldn’t find answers yet.


    jaap@jaap-laptop:~$ ssh -p 2223 jaap@localhost -vvv
    OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to localhost [] port 2223.
    debug1: Connection established.
    debug1: identity file /home/jaap/.ssh/identity type -1
    debug1: identity file /home/jaap/.ssh/id_rsa type -1
    debug1: identity file /home/jaap/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-3ubuntu1
    debug1: match: OpenSSH_5.1p1 Debian-3ubuntu1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    Read from socket failed: Connection reset by peer

  • Japan Shah Jul 6, 2009 @ 5:15

    Thanks it works !!!

  • I can't see to get this working Jan 28, 2010 @ 10:28

    I tried installing Ubuntu Server 8.10, and I tell you, installation went just fine. I get stuck on the part where you need to configure /etc/network/interfaces, that, because I need the server to have a static IP. I have ADSL connection, and IP’s are assigned by the modem/router (Thompson SpeedTouch). IP’s are configured as “start – end” “sbnetmask” that’s in the modem/router, and obviously it gives me the router IP number. Now, if I want to assign a static IP to the server it should be something like “” SM “” and what is Broadcast, Network and some others that have to be edited with “VIM”. I mean, I’m from windows xp, and I want to host my own web page, and mail server, plus some sharing files locally, maybe log on remotely… that’s all I want; but this part is killing me. Anyone willing to help please? Thanks in advance.

  • Samuel Berryman Feb 27, 2010 @ 12:46

    I have just installed Ubuntu 9.10 and it is all working fine! However when I try to install openssh like it tells me to above I get the following error:

    Reading Package Lists… Done
    Building dependency tree
    Reading state information… Done
    package openssh-server is not available, but is referred to by another package.
    This may mean that the package is missing, has been obsoleted, or
    is only available from another source
    E: Package openssh-server has no installation candidate

    I don’t know why it is doing this and really could do with some help please!

  • Dmitry Apr 12, 2010 @ 8:16

    I had the same problem.
    All you need do is to update your system:
    >sudo aptitude update

  • Melroy van den Berg May 21, 2010 @ 21:33

    You can also try putty, I prefer that more than firestarter.

  • trioggle Jun 2, 2010 @ 2:05

    Firestarter is a firewall gui, putty is a shell client.

  • hejmiki Sep 10, 2010 @ 15:06

    I think there is another TYPO

    correct me if i’m wrong
    You set up Port 22 –> Port 512

    and then in your output of sudo iptables -L -n
    there is no rule for accepting tcp on Port 512 but there is Port 514 (udp)
